1LOCAL_PATH:= $(call my-dir) 2 3####################################### 4# verity_key (installed to /, i.e. part of system.img) 5include $(CLEAR_VARS) 6 7LOCAL_MODULE := verity_key 8LOCAL_SRC_FILES := $(LOCAL_MODULE) 9LOCAL_MODULE_CLASS := ETC 10LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) 11 12# For devices using a separate ramdisk, we need a copy there to establish the chain of trust. 13ifneq ($(BOARD_BUILD_SYSTEM_ROOT_IMAGE),true) 14LOCAL_REQUIRED_MODULES := verity_key_ramdisk 15endif 16 17include $(BUILD_PREBUILT) 18 19####################################### 20# verity_key (installed to ramdisk) 21# 22# Enabling the target when using system-as-root would cause build failure, as TARGET_RAMDISK_OUT 23# points to the same location as TARGET_ROOT_OUT. 24ifneq ($(BOARD_BUILD_SYSTEM_ROOT_IMAGE),true) 25 include $(CLEAR_VARS) 26 LOCAL_MODULE := verity_key_ramdisk 27 LOCAL_MODULE_CLASS := ETC 28 LOCAL_SRC_FILES := verity_key 29 LOCAL_MODULE_STEM := verity_key 30 LOCAL_MODULE_PATH := $(TARGET_RAMDISK_OUT) 31 include $(BUILD_PREBUILT) 32endif 33 34####################################### 35# adb key, if configured via PRODUCT_ADB_KEYS 36ifdef PRODUCT_ADB_KEYS 37 ifneq ($(filter eng userdebug,$(TARGET_BUILD_VARIANT)),) 38 include $(CLEAR_VARS) 39 LOCAL_MODULE := adb_keys 40 LOCAL_MODULE_CLASS := ETC 41 LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) 42 LOCAL_PREBUILT_MODULE_FILE := $(PRODUCT_ADB_KEYS) 43 include $(BUILD_PREBUILT) 44 endif 45endif 46 47 48####################################### 49# otacerts: A keystore with the authorized keys in it, which is used to verify the authenticity of 50# downloaded OTA packages. 51include $(CLEAR_VARS) 52 53LOCAL_MODULE := otacerts 54LOCAL_MODULE_CLASS := ETC 55LOCAL_MODULE_STEM := otacerts.zip 56LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/security 57include $(BUILD_SYSTEM)/base_rules.mk 58$(LOCAL_BUILT_MODULE): PRIVATE_CERT := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem 59$(LOCAL_BUILT_MODULE): $(SOONG_ZIP) $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem 60 $(SOONG_ZIP) -o $@ -j -f $(PRIVATE_CERT) 61 62 63####################################### 64# otacerts for recovery image. 65include $(CLEAR_VARS) 66 67LOCAL_MODULE := otacerts.recovery 68LOCAL_MODULE_CLASS := ETC 69LOCAL_MODULE_STEM := otacerts.zip 70LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/system/etc/security 71include $(BUILD_SYSTEM)/base_rules.mk 72 73extra_recovery_keys := $(patsubst %,%.x509.pem,$(PRODUCT_EXTRA_RECOVERY_KEYS)) 74 75$(LOCAL_BUILT_MODULE): PRIVATE_CERT := $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem 76$(LOCAL_BUILT_MODULE): PRIVATE_EXTRA_RECOVERY_KEYS := $(extra_recovery_keys) 77$(LOCAL_BUILT_MODULE): \ 78 $(SOONG_ZIP) \ 79 $(DEFAULT_SYSTEM_DEV_CERTIFICATE).x509.pem \ 80 $(extra_recovery_keys) 81 $(SOONG_ZIP) -o $@ -j \ 82 $(foreach key_file, $(PRIVATE_CERT) $(PRIVATE_EXTRA_RECOVERY_KEYS), -f $(key_file)) 83